Compromised Seed Phrase? What To Do

Table Of Contents

96% of people that get wrecked is USER ERROR!!! Learn the depths and philosophy of Seeds and How to keep from getting scammed and securing yourself before you wreck yourself in the crypto space!

Compromised? How did it happen?

—  Gave out your seed phrase?

  • NEVER GIVE YOUR SEED PHRASES TO ANYONE! EVEN IF THEY CLAIM TO BE FROM A SUPPORT GROUP, ADMIN/DEV

Your seed phrase is the key to your assets. You give your seed phrase out to anyone, you are giving them access to your entire vault of assets. Remember Being Your Own Bank, requires you to have that one secret recovery phrase (i.e. private key) to all your funds.

— Malicious DApps/Tokens?

Interacting (approving, transferring, swapping, connecting) with Decentralized App’s/Tokens/Smart contracts

  • A token or asset appears in your wallet that you do not recognize or have not bought yourself, DO NOT TOUCH, LEAVE IT ALONE!
    • When interacting with a token or asset you are dealing with a smart contract, which is written in lines of code and you could open yourself up for malicious attacks upon approving a contract (token/asset) in MM (MetaMask) prompt.
    • Token approvals can be checked and revoked. Ever have concerns that a contract could get exploited? As though you may not own the asset anymore, you still have the contract approved for the token to interact with your wallet. Exploited contract’s could possibly have access to move around other assets in your wallet. Read thoroughly through the MetaMask prompts and the kind of permissions you have allowed to interact with. Which could be quite hard if you don’t read coded contracts. ALWAYS BE WEARY of approving anything in this space without a deeper dive of what you are wanting accomplished.

The links below are to revoke approved contracts. Enter wallet address, then proceed to connecting your wallet via web3, once connected you can start to revoke.

https://etherscan.io/tokenapprovalcheckerhttps://bscscan.com/tokenapprovalchecker

Hacked/Socially Engineered 

Typing your Secret Recovery Phrase into a keyboard. Storing your secret recovery phrase in any digital notepad, encrypted online key storage, flash drives, CDs, cloud service (e.g., Dropbox, Apple), visiting porn sites, bad websites, clicking any suspecious malicious links, or even opening unsolicited emails.

  • These methods could compromise your seed phrases, by hackers using phishing links through emails and websites that addadds malware and gains control of your computer system, steal data and logs your keystrokes. Which gives hackers the ability to obtain your seed phrases and other secure credentials if stored anywhere in the device and also device also able to see every word typed. Clouds included, most likely they are registered with your ID and, thus, could be compromised.
  • Data collected can and will be used to cause you to lose all your funds and capture all your secure credentials and documents stored in your hard drive. 

Capturing a picture or video using a digital device that connects to an internet

  • If your device gets hacked or stolen a hacker will get all and any information from every location in your device.

The BEST way to store your keys offline, away from any RAM devices that have online connectivity, is owning a hardware wallet. Takes the private keys (seed phrase) and stores them on an external RAM OFFLINE!

 

There is no way to get your funds back, this is Decentralized Finance. Considering you have done 1 of 3 ways above to get compromised. Even if you have, and haven’t lost any  funds just assume it could still be compromised. The scammer could be waiting till you have a larger amount. It will be okay, learn from your mistakes and continue your journey. Don’t let it destroy you and chase you away from your financial freedom.

What is a Seed Phrase, can someone guess my Seeds?

Seed Phrase is a human-readable representation of a SEED, which is just a long string of random digits. Users will never see the strings of digits but will see the version that is by far the easiest to write down. The Seed Phrase pulls from a list of 2,048 unique words established as part of Bitcoin Improvement Proposal 39, or BIP39. Each word represents a range of bits in that long random number that is your SEED. Since 2,048 unique words in the BIP39 word list, guessing a 12 or 24-word seed phrase (which also must be in the correct order not just the words themselves) means correctly guessing a number between 1 and 5,444,517,900,000,000,000,000,000,000,000,000,000,000.

*The many names of seed phrases are known as the private key, secret recovery phrase, mnemonic phrase, secret words, BIP39 seed phrase, backup seed, and many more!

How does the Seed Work?

The Seed is used to generate your 1master private key, which generates the rest of your private keys. 2Private keys are used to generate the corresponding 2public keys, i.e., public address(es).

Private and Public Keys

  • A 256-bit key that gets generated from the seeds allows the creation of an infinite number of keys (public and private) at the start of a wallet.
  • If someone gets access to your seed phrases, they can take all your funds

Master Private Keys

  • Private key proves ownership of Public Key which is your public wallet address(es) 
  • The Public key (public address(es)) is used to receive. The private key allows a user to sign transactions by creating a digital signature and thus unlocking the ability to spend, swap, transfer.
  • You can create infinite public keys that are hashed then yields the public address(es) that derives from the private keys 
  • Users rarely have to see or directly interact with their private keys as your wallet manages all the complex math behind the scenes. 
  • If someone gets access to one of your private keys, they can take all the funds under that public address.

Example in a Transcation

  1.  Bob opens his wallet and enters Alice’s public key into the recipient field of the wallet.
  2. Bob proceeds to send HEX and the wallet software creates a transaction and gets signed using Richard’s private keys. If the digital signature generated corresponds to the HEX Bob is attempting to send, the transaction will then be accepted as valid by the network.
  3. The funds can now be accessed by whoever owns the private keys that correspond to Alice’s public key. In this case, which is Alice, as she is the only one who holds that private key.

Do you have a hardware wallet?

— YES, but I am still compromised?

If funds have been taken from you and you have a hardware wallet, you either have given your seed phrase away or have been a victim of the above mentioned phishing or malware attack. It’s okay, if you have caught it in time and still have assets left in the wallet. You want to hurry and send your assets out to another wallet you hold your keys to. We recommend having multiple hardware wallets, which means you can have your funds diversified and not ALL in one place, another good practice to have. If you only have 1 hardware wallet, you can then send to your exchange, where you off and on ramp fiat. Hold it elsewhere until you factory reset/wipe your device. Create a brand new 12-24 word seed phrase that will now be your main wallet with new seeds that you will keep better protected.

— No, buy a hardware wallet.

Go Visit our Hardware Wallets Guide

I recommend that you grab a hardware wallet ASAP, no, grab two. The reason for grabbing two is to provide yourself with an extra layer of security and diversify your assets so future hackers won’t get 100% of all your assets. Upon receiving your hardware wallets either from ledger.com or trezor.io.

PLEASE MAKE SURE YOU PURCHASE FROM MANUFACTURE’S OFFICIAL SITE!

You will need to create a brand new 12 or 24-word seed phrase and secure them using steps below. After completing creation you can then send any assets left from the compromised wallet (seed phrase) or any other wallet that you want to send from to fund the brand new uncompromised seed phrase.

  • One hardware wallet will be ‘MAIN’ for your daily trades, transfers, short-term stakes, yield farming, connecting to DApps (Decentralized Applications), fiat on and off ramping via centralized exchanges.
  • The second hardware wallet is your ‘VAULT’, which means you will be using this wallet for receiving funds, and probably long HEX stakes. Once you set up ‘VAULT’ you dont have to keep connecting in order to send your assets. Copy and paste your PUBLIC ADDRESS(ES) in your notes on your computer for easy access to grab and send to that address. USE AS A METHOD OF STORING! When stakes mature or you decide its time to pull out from the vault, is the only time you will need to connect the hardware wallet.

— I have HEX stakes, a hardware wallet, but have been compromised?

When having long stakes you are married to those seed phrases until they have matured. If you have been compromised, funds missing, but still have the HEX stake make sure you write down the date of end stake. You then will have to make sure you have and created a ‘VAULT’ wallet that we recommended using with another hardware wallet. When stake comes to maturity, end your stake and send the liquid HEX out of your compromised wallet. Never use the compromised seed phrase attached to that wallet anymore. Perform a factory reset/wipe of the hardware that held the compromised seed phrase. Generate a new seed phrase and proceed setting up your wallet that will now be your new ‘MAIN’ wallet. Once completed you can send funds to new ‘MAIN’ wallet address to fund for your daily trading or activity in the DeFi space. Making long stakes from your ‘VAULT’ wallet is best, because if your main was to ever get compromised again you have a better chance of not losing your stakes.

— I have sacrificed and/or I use a software based wallet other than MetaMask, which is Compromised?

If intended to participate in Pulsechain, you will need a MetaMask (MM) Wallet to access the network by entering RPC setting into metamask. Other wallets have not announced yet if they will be supporting Pulse Chain Network at first, probably in the future. Only applies to wallets you hold your private keys to. SAY NO TO CEX! YOUR KEYS – YOUR ASSETS! 

Sacrificed and haven’t been compromised, recommend grabbing some hardware wallets and preforming a migration.

Sacrificed and have been compromised also used a wallet besides MetaMask, now you are on a time race againts you and the scammer. Procceed with getting a hardware wallet to migrate your seed or private keys  Gotta get the RPC Loaded up in  your MetaMask, connected with hardware wallet of course,

4 DON'Ts

  • YOUR KEYS – YOUR ASSETS
    1. DO NOT share your 12 or 24-word Secret Recovery Phrase, Seed Phrases, or Private keys with any human!
    2. DO NOT accept DM from Impersonators! Admins, Mods, and Developers or anyone will never DM you offering to help and send a link to “authenticate your wallet”.
    3. DO NOT import your secret recovery phrase, seed phrases, or private keys to a wallet that someone gave you; any websites, extension/hot wallet; or your phone
    4. “STOP USING CRYPTO ON YOUR PHONE!” -PapahBoehner
    5. DO NOT click on any untrusted, suspicious links that you get from Discord servers, WhatsApp groups, WeChat groups, Telegram DMs, or Twitter DMs. These are all swindles. ALWAYS CHECK & VERIFY

Ways to store your Seed Phrases, so you can never lose them.

  • Cheaper but still useful go to the nearest hardware store and purchase a pack of stainless steel washers, and bolts. Dremel or any rotary tool (diamond tips work best) to engrave the washers with seed phrase then find a secure location, i.e., a fireproof safe in your home that only you have access to.
  • Titanium Plates also work great but a bit pricey to acquire and most come with punches and some with letter plates to insert.
  • Write down on a fireproof, waterproof paper (if you can find it) and place it in a fireproof safe that only you have access to.
  • You could also split and spread your seeds geographically (1/2 on one side of the house, 1/2 in another location that you have full access to when needed). You can shard it as many times, always have a BACKUP for original written down seeds that you should keep in your safe.

 

Nothing in this article or website is financial or taxation advice. For advice on these matters, please contact a registered professional adviser.

Who Are We?
Who Are We?

As members of the PulseChain community, HowToPulse.com mission is to make the onboarding process as simple as possible.
We did the research for you providing top quality information, tools, news and updates about PulseChain, HEX and PulseX

what is a pulsechain validator

V2 is out = Validator Registration is Possible It is now possible to become a validator and to delegate your PLS to your favourite validators! On December 10, 2021, PulseChain

Read More »
pulsechain VS etherium

In this article we will compare Pulsechain VS Ethereum, but first, a little bit about blockchain history. A bit of Blockchain history Many may wonder why there are so many

Read More »

Layer-1 Scaling Solutions In the decentralized ecosystem, a Layer-1 network refers to a blockchain, while a Layer-2 protocol is a third party integration that can be used in conjunction with

Read More »